IPv6 tunnel

To most of those users which their ISP do not offer IPv6 connectivity, the IPv6 Internet is unknown land. However, free tunnel broker services such as Hurricane Electric can bridge an IPv4 connection with the IPv6 Internet.

Posted by Diego Pino García on April 2, 2016

The IPv6 Internet is like the dark matter, completely invisible to the most widely used IPv4 Internet. One solution to access the IPv6 Internet from an IPv4 connection is to use a tunnel broker. A tunnel broker acts as a middle point between IPv4 and IPv6. There are several IPv6 tunnel broker services available, one of the most populars is Hurricane Electric.

When signing up in a tunnel broker service such as HE, you’re given a Client IPv6, a Server IPv6 and a Server IPv4. While signing up for the service, you’ll need to provide your Client IPv4 public address. It’s possible to consult this address at whatismyip.com. In my case, HE service complained that the address was not pingable. I had to enter my local router and disable the option WAN Blocking as when is activate it prevents the host to pingable from other hosts.

The informaton provided by HE will be enough to setup an IPv6-in-IPv4 tunnel in your host. Your outgoing IPv6 packets will be piped through this tunnel, reaching HE’s server which will decapsulate packets, forwarding them to its destination in the IPv6 Internet. Likely, the inverse process takes place on incoming packets.

While signing up at HE, the service provides a script for setting up the IPv6-in-IPv4 tunnel making the overall setup very easy. This is how the script looks like for Linux.

1 modprobe ipv6
2 ip tunnel add he-ipv6 mode sit local <Client-IPv4> remote <Server-IPv4> ttl 255
3 ip link set he-ipv6 up
4 ip addr add <Client-IPv6> dev he-ipv6
5 ip route add ::/0 dev he-ipv6
6 ip -f inet6 addr
  • Line 2 creates a SIT tunnel called he-ipv6. A SIT tunnel is nothing but an IPv4-in-IPv6 tunnel. The tunnel creates an end-to-end connection from Client-IPv4 (our client IPv4 address) and Server-IPv4 (HE’s IPv4 address).
  • Line 4 assigns address to the tunnel.
  • Line 5 routes all IPv6 packets in our host through the tunnel.

Notice that if you’re behind a router, which is the most likely case, your Client-IPv4 address will be actually a private address. That’s actually the address you should use as Client-IPv4, and not your public IPv4 address. I mention that because it’s a common pitfall when tweaking this script.

Once the setup is done try pinging ipv6.google.com to check it works.

$ ping6 ipv6.google.com
PING ipv6.google.com(lis01s13-in-x0e.1e100.net) 56 data bytes
64 bytes from lis01s13-in-x0e.1e100.net: icmp_seq=1 ttl=57 time=97.3 ms

networking ipv6